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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
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DETAILED ACTION 

This office action is in response to preliminary amendment filed on May 18, 2001. 
Original application contained Claims 1-13. Applicant cancelled Claims 8-13. Therefore, Claims 
1-7 are pending for consideration and examination. 

Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

Claims 1-7 are rejected under 35 U.S.C. 102(e) as being anticipated by Wiegel (U. S. Patent 
6,484,261). 

2. Regarding Claim 1 Wiegel teaches and describes a security management system for 
controlling a security status of each of a plurality of managed systems constituting an 
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information system in accordance with an information security policy representing a policy of a 
security measure (Fig. 1-4), comprising: 

a plurality of management sections corresponding to at least one managed system and the 
information security policy, each management section being for controlling the security status of 
the managed system corresponding thereto so as to adjust the security status to the information 
security policy corresponding thereto (col. 7 line 12 to col. 8 line 26); 

a database registering a correspondence of the information security policy, the managed 
system and each management section (col. 14 line 4 to line 61); 

a security content reception section for receiving a selection of a range of the information 
security policy and the managed system from a user, and an extraction section for extracting 
from said database the management section registered so as to correspond to the information 
security policy and the managed system included in the range in which said 
security content reception section has received the selection (col. 8 line 66 to col.10 line 41); and 

a management control section for allowing the management section extracted by said 
extraction section to change the security status of the managed system corresponding to the 
management section so as to adjust to the information security policy corresponding to the 
management section (col. 14 line 62 to col. 16 line 34). 

3. Regarding Claim 2 Wiegel teaches and describes security a management system for 
auditing a security status of each of a plurality of managed systems constituting an information 
system, the security status concerning an information security policy representing a policy of a 
security measure (Fig. 1-4), comprising: 
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a plurality of audit sections corresponding to at least one managed system and at least one 
information security policy, each audit section being for auditing the security status concerning 
the corresponding information security policy of the corresponding managed system (col.7 line 
12 to col.81ine 26); 

a database registering a correspondence of the information security policy, the managed 
system and the audit section (col. 14 line 4 to line 61); 

a security content reception section for receiving a selection of a range of the information 
security policy and the managed system from the user, and an extraction section for extracting 
from said database the audit section registered so as to correspond to the information security 
policy and the managed system included in the range in which said security content reception 
section has received the selection (col.8 line 66 to col. 10 line 41, and coL14 line 62 to col. 16 line 
34); and 

an audit control section for allowing the audit section extracted by said extraction section to 
audit the security status concerning the information security policy of the managed system 
corresponding to the audit section (col. 12 line 61 to col. 13 line 67). 

4. Regarding Claim 3 Wiegel teaches and describes a security management system for 
controlling a security status of each of a plurality of managed systems constituting an 
information system in 4 accordance with an information security policy representing a policy of 
a security measure (Fig. 1 -4), comprising: 

a plurality of management sections corresponding to at least one managed system and at 
least one information security policy, each management section being for controlling the security 
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status of the corresponding managed system so as to adjust the security state to the 
corresponding information security policy, and a plurality of audit sections corresponding to at 
least one managed system and at least one information security policy, each audit section being 
for auditing the security status concerning the corresponding information security policy of the 
corresponding managed system (col.7 line 12 to col.8 line 26); 

a database registering a correspondence of the information security policy, the managed 
system, the management section and the audit section (col. 14 line 4 to line 61); 

a security content reception section for receiving a selection of a range of the information 
security policy and the managed system from a user, and an extraction section for extracting 
from said database the management section and the audit section, which are registered so as to 
correspond to the information security policy and the managed system included in the range in 
which said security content reception section has received the selection (col.8 line 66 to col. 10 
line 41); 

-a management control section for allowing the management section extracted by said 
extraction section to change the security status of the managed system corresponding to the 
management section so as to adjust to the information security policy corresponding to the 
management section (col. 14 line 62 to col. 16 line 34); and 

an audit control section for allowing the audit section extracted by said extraction section 
to audit the security status concerning the information security policy of the managed system 
corresponding to said audit section (col. 12 line 61 to col. 13 line 67). 
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5. Regarding Claim 4 Wiegel teaches and describes a security management method for 
controlling a security status of each of a plurality of managed systems constituting an 
information system with an electronic computer in accordance with an information security 
policy representing a policy of a security measure (Fig. 1-4), comprising the steps of: 

receiving a selection of a range of the information security policy and the managed system 
from a user, and extracting a management program corresponding to an information security 
policy and a managed system, included in the range in which the selection has been received, 
among a plurality of management programs describing a processing for controlling the security 
status of the corresponding managed system so as to adjust the security status to the 
corresponding information security policy, the plurality of management programs corresponding 
to at least one information security policy and at least one managed system, which are previously 
stored (col.7 line 12 to col.8 line 26, and col.8 line 66 to col. 10 line 41, and col. 14 line 62 to 
col. 16 line 34); and 

allowing the electronic computer to execute the extracted management program and to 
change the security status of the managed system corresponding to the management program so 
that the security status thereof is adjusted to the information security policy corresponding to the 
management program (col.14 line 62 to coL16 line 34, and col.12 line 61 to col.13 line 67). 

6. Regarding Claim 5 Wiegel teaches and describes a security management method for 
auditing, with an electronic computer, a security status of each of a plurality of managed systems 
constituting an information system, the security status concerning an information security policy 
representing a policy of a security measure (Fig. 1-4), comprising the steps of: 
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receiving a range of a selection of the information security policy and the managed system 
from a user, and extracting an audit program registered so as to correspond to the information 
security policy and the managed system, which are included in the range in which the selection 
has been received, among a plurality of audit programs describing a processing for auditing the 
security status concerning the corresponding information security policy of the corresponding 
managed system, the plurality of audit programs corresponding to at least one information 
security policy and at least one managed system, which are previously stored (col.7 line 12 to 
col.8 line 26, and col.8 line 66 to col.10 line 41, and col.14 line 62 to col.16 line 34); and 

allowing the electronic computer to execute the extracted audit program and to audit 
the security status of the managed system corresponding to the audit program the security 
status concerning the information security policy corresponding to the audit program (col.14 line 
62 to col.16 line 34, and col.12 line 61 to col.13 line 67). 

7. Regarding Claim 6 Wiegel teaches and describes storage medium storing a program for 
controlling a security status of each of a plurality of managed systems constituting an 
information system in accordance with an information security policy representing a policy of a 
security measure, wherein said program is read out and executed by an electronic computer, to 
construct, on said electronic computer, a security content reception section for receiving a 
selection of a range of the information security policy and the managed system from a user 
(Fig. 1-4, and col.10 line 44 to col.l21ine 2); 

an extraction section for extracting a management program corresponding to an 
information security policy and a managed system, which are included in the range in which said 
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security content reception section has received the selection, from a database storing a plurality 
of management programs describing a processing for controlling the security status of the 
corresponding managed system so as to adjust the security status of the managed system to the 
corresponding information security policy, the plurality of management programs corresponding 
at least one managed system and at least one information security policy (col.7 line 12 to col. 8 
line 26, and col.8 line 66 to col.10 line 41, and col.14 line 62 to col.16 line 34); and 

a management control section for allowing said electronic computer to execute the 
management program executed by said extraction section and to change the security status of the 
managed system corresponding to the extracted management program so as to adjust the security 
status to the information security policy corresponding to the extracted management program 
(col.14 line 62 to col.16 line 34, and col. 12 line 61 to col. 13 line 67). 

8. Regarding Claim 7 Wiegel teaches and describes a storage medium storing a program for 
auditing a security status concerning an information security policy representing a policy of a 
security measure of a plurality of managed systems constituting an information system (Fig. 1-4, 
col.10 line 44 to col.l21ine 2), wherein 

said program is read out and executed by an electronic computer, to construct, on said 
electronic computer, a security content reception section for receiving a selection of a range of 
the information security policy and the managed system from a user; an extraction section for 
extracting an audit program registered so as to correspond to an information security policy and a 
managed system, which are included in the range in which said security content reception section 
has received the selection, from a database storing a plurality of audit programs describing a 
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processing for auditing the security status concerning the corresponding information security 
policy of the corresponding managed system, the plurality of audit programs corresponding to at 
least one managed system and at least one information security policy (col. 7 line 12 to col. 8 line 
26, col.8 line 66 to col. 10 line 41, and col. 14 line 62 to col. 16 line 34); and 

an audit control section for allowing the electronic computer to execute the audit 
program extracted by said extraction section and to audit the security status concerning the 
Information security policy corresponding to the audit program of the managed system 
corresponding to the audit program (col. 14 line 62 to col. 16 line 34, and col. 12 line 61 to col. 13 
line 67). 
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Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Syed Zia whose telephone number is 703-305-3881. The 
examiner can normally be reached on Monday - Friday 9:00 AM to 5:00 PM EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 703-305-9648. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

sz 

July 07, 2004 
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